Watermarking and Session Capture Protection in Azure Virtual Desktop using Microsoft Intune and Azure Active Directory

In the latest release of Azure Virtual Desktop (AVD) in July 2023, two exciting features have become generally available: Watermarking and Session Capture protection. These features provide an additional layer of security for your virtual desktops and help protect sensitive data from being leaked or misused. In this blog post, we will explore how to enable these features using Microsoft Intune for session host virtual machines that are Azure Active Directory (AAD) joined.

Requirements

————

Before you can roll out Watermarking and Session Capture protection, you will need the following:

* Supported client devices: To use these features, your clients must be running Azure Virtual Desktop Client or Remote Desktop Client versions 1.2.x. The features are not supported on RemoteApps.

* AAD-joined session host virtual machines: Your session host virtual machines must be joined to your Azure Active Directory (AAD) tenant.

Enabling Watermarking and Session Capture Protection using Microsoft Intune

————————————————————————

To enable Watermarking and Session Capture protection, you can use Microsoft Intune configuration profiles. Here are the steps to follow:

1. Connect to a remote session with a supported client (Azure Virtual Desktop Client or Remote Desktop Client versions 1.2.x). When you open a remote session, you should see QR codes appear. The QR code only works for Windows 11 Multi-sessionWindows 11 Enterprise (pooled or personal desktops).

2. Take a screenshot of the remote session using your mobile device. When you try to take a screenshot, the screen will be completely blank, as shown in the example below.


3. The QR code will pop up on your mobile device with the Connection ID. You can match this Connection ID in Azure Insights to find out the session information.

How to Find Session Information from QR Code using Azure Virtual Desktop Insights

—————————————————————————–

To find out the session information from the QR code, you can follow these steps:

1. Open Azure Virtual Desktop Insights and navigate to the Sessions tab.

2. Click on the “Filter” button and select “Connection ID” from the dropdown menu.

3. Enter the Connection ID you obtained from the QR code in the search bar and click “Apply”.

4. You will now see all the sessions associated with the specified Connection ID.

Benefits of Watermarking and Session Capture Protection

—————————————————

Watermarking and Session Capture protection offer several benefits, including:

* Enhanced security: These features provide an additional layer of security for your virtual desktops, helping to protect sensitive data from being leaked or misused.

* Improved compliance: By enabling these features, you can demonstrate compliance with regulatory requirements and industry standards, such as GDPR and HIPAA.

* Better user experience: Watermarking and Session Capture protection can help to prevent unauthorized access to your virtual desktops, providing a better user experience and reducing the risk of data breaches.

Conclusion

———-

In this blog post, we have explored how to enable Watermarking and Session Capture protection using Microsoft Intune for session host virtual machines that are Azure Active Directory joined. We have also discussed the benefits of these features, including enhanced security, improved compliance, and better user experience. By implementing these features, you can provide an additional layer of security for your virtual desktops and help protect sensitive data from being leaked or misused.